Skip to main content

Ehrd

6 CVEs product

Monthly

CVE-2021-43360 HIGH This Week

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-43359 HIGH This Week

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ehrd
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-43358 HIGH This Week

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ehrd
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-10510 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10509 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10508 HIGH This Week

Sunnet eHRD, a human training and development management system, improperly stores system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ehrd
NVD
CVSS 3.1
7.5
EPSS
1.5%
EPSS 2% CVSS 8.8
HIGH This Week

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ehrd
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ehrd
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ehrd
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Sunnet eHRD, a human training and development management system, improperly stores system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ehrd
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy